feat(ruby rules): add ruby google dataflow rule (#553)
* feat: add ruby google dataflow rule

* Update pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow.yml

Co-authored-by: Mark Michon <mark.michon@bearer.sh>

---------

Co-authored-by: Mark Michon <mark.michon@bearer.sh>
elsapet and markmichon authored Feb 13, 2023
1 parent d7a80d0 commit eaaed72
Showing 39 changed files with 1,124 additions and 0 deletions.
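--- a/integration/rules/ruby_test.go
+++ b/integration/rules/ruby_test.go
@@ -303,3 +303,13 @@ func TestRubyThirdPartiesSegmentDataflow(t *testing.T) {
 t.Parallel()
 runRulesTest("ruby/third_parties/segment", "dataflow", "ruby_third_parties_segment", t)
 }
+
+func TestRubyThirdPartiesGoogleDataflowSummary(t *testing.T) {
+t.Parallel()
+runRulesTest("ruby/third_parties/google_dataflow", "summary", "ruby_third_parties_google_dataflow", t)
+}
+
+func TestRubyThirdPartiesGoogleDataflowDataflow(t *testing.T) {
+t.Parallel()
+runRulesTest("ruby/third_parties/google_dataflow", "dataflow", "ruby_third_parties_google_dataflow", t)
+}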
@@ -0,0 +1,140 @@
patterns:
- pattern: |
$<VAR>.message_text = $<DATA_TYPE>
filters:
- variable: VAR
detection: google_dataflow_message_text_classes
- variable: DATA_TYPE
detection: datatype
- pattern: |
$<VAR>.description = $<DATA_TYPE>
filters:
- variable: VAR
detection: google_dataflow_description_classes
- variable: DATA_TYPE
detection: datatype
- pattern: |
$<VAR>.value = $<DATA_TYPE>
filters:
- variable: VAR
detection: google_dataflow_value_classes
- variable: DATA_TYPE
detection: datatype
- pattern: |
$<VAR>.create_job_from_template($<...>$<DATA_TYPE>$<...>)
filters:
- variable: VAR
detection: google_dataflow_templates_service_client_init
- variable: DATA_TYPE
detection: datatype
- pattern: |
$<VAR>.$<METHOD> = $<DATA_TYPE>
filters:
- variable: VAR
detection: google_dataflow_template_metadata_init
- variable: DATA_TYPE
detection: datatype
- variable: METHOD
values:
- description
- name
- pattern: |
$<VAR>.metadata = $<...>$<DATA_TYPE>$<...>
filters:
- variable: VAR
detection: google_dataflow_config
- variable: DATA_TYPE
detection: datatype
languages:
- ruby
auxiliary:
- id: google_dataflow_client_init
patterns:
- |
Google::Cloud::Dataflow::$<_>::$<_>::Client.new
- pattern: |
Google::Cloud::Dataflow.$<METHOD>
filters:
- variable: METHOD
values:
- messages
- templates_service
- flex_templates_service
- jobs
- metrics
- snapshots
- id: google_dataflow_config
patterns:
- pattern: |
$<VAR>.configure
filters:
- variable: VAR
detection: google_dataflow_client_init
- pattern: |
$<VAR>.configure { |$<!>$<_:identifier>| }
filters:
- variable: VAR
detection: google_dataflow_client_init
- id: google_dataflow_message_text_classes
patterns:
- |
Google::Cloud::Dataflow::$<_>::StructuredMessage.new
- |
Google::Cloud::Dataflow::$<_>::JobMessage.new
- id: google_dataflow_snapshots_client_init
patterns:
- |
Google::Cloud::Dataflow::$<_>::Snapshots::Client.new
- |
Google::Cloud::Dataflow.snapshots
- id: google_dataflow_description_classes
patterns:
- |
Google::Cloud::Dataflow::$<_>::SnapshotJobRequest.new
- pattern: |
$<VAR>.get_snapshot
fitlers:
- variable: VAR
detection: google_dataflow_snapshots_client_init
- id: google_dataflow_value_classes
patterns:
- |
Google::Cloud::Dataflow::$<_>::JobMessage.new
- |
Google::Cloud::Dataflow::$<_>::CreateJobFromTemplateRequest::ParametersEntry.new
- |
Google::Cloud::Dataflow::$<_>::ParameterMetadata::CustomMetadataEntry.new
- |
Google::Cloud::Dataflow::$<_>::StructuredMessage::Parameter.new
- id: google_dataflow_templates_service_client_init
patterns:
- |
Google::Cloud::Dataflow::$<_>::TemplatesService::Client.new
- |
Google::Cloud::Dataflow.templates_service
- id: google_dataflow_template_metadata_init
patterns:
- |
Google::Cloud::Dataflow::$<_>::TemplateMetadata.new
trigger: local
severity:
default: low
PII: critical
PHI: medium
PD: high
skip_data_types:
- "Unique Identifier"
metadata:
description: "Do not send sensitive data to Google Dataflow."
remediation_message: |
## Description
Leaking sensitive data to a third-party service is a common cause of data leaks and can lead to data breaches. This rule looks for instances of sensitive data sent to Google Dataflow.
## Remediations
When sending data to third-party services, ensure all sensitive data is removed.
## Resources
- [Google Dataflow Docs](https://cloud.google.com/ruby/docs/reference/google-cloud-dataflow/latest)
dsr_id: DSR-1
id: ruby_third_parties_google_dataflow
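Review bot: The `$<VAR>.get_snapshot` pattern under the `google_dataflow_description_classes` auxiliary detection spells its filter key `fitlers:`, so the VAR restriction to `google_dataflow_snapshots_client_init` is presumably either silently dropped (matching `.get_snapshot` on any receiver) or rejected by the rule loader, depending on how strictly unknown keys are validated. None of the expected-output fixtures added in this commit (datatype_in_config, datatype_in_job_message, datatype_in_metadata, datatype_in_params_entry) exercise `get_snapshot`, so the integration tests would not surface the problem either way. Change the key to `filters:` and consider adding a testdata case that calls `get_snapshot` on a snapshots client and assigns `.description` from a datatype, so that this auxiliary detection and the `google_dataflow_snapshots_client_init` detection get a fixture of their own.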
@@ -0,0 +1,79 @@
data_types:
- name: Email Address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 8
field_name: email
object_name: current_user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 13
field_name: email
object_name: current_user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 14
field_name: email
object_name: current_user
subject_name: User
risks:
- detector_id: ruby_third_parties_google_dataflow
data_types:
- name: Email Address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 8
parent:
line_number: 8
content: 'config.metadata = { current_user_id: current_user.email }'
field_name: email
object_name: current_user
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 14
parent:
line_number: 14
content: 'client_config.metadata = { current_user_id: current_user.email }'
field_name: email
object_name: current_user
subject_name: User
- detector_id: google_dataflow_client_init
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 2
parent:
line_number: 2
content: Google::Cloud::Dataflow.messages
content: |
Google::Cloud::Dataflow.$<METHOD>
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 3
parent:
line_number: 3
content: Google::Cloud::Dataflow::V1beta3::Messages::Client.new
content: |
Google::Cloud::Dataflow::$<_>::$<_>::Client.new
- detector_id: google_dataflow_config
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 6
parent:
line_number: 6
content: client.configure
content: |
$<VAR>.configure
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_config.rb
line_number: 7
parent:
line_number: 7
content: config
content: |
$<VAR>.configure { |$<!>$<_:identifier>| }
components: []



@@ -0,0 +1,47 @@
data_types:
- name: IP address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_job_message.rb
line_number: 2
field_name: ip_address
object_name: user
subject_name: User
risks:
- detector_id: ruby_third_parties_google_dataflow
data_types:
- name: IP address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_job_message.rb
line_number: 2
parent:
line_number: 2
content: 'msg.message_text = "Current user: #{user.ip_address}"'
field_name: ip_address
object_name: user
subject_name: User
- detector_id: google_dataflow_message_text_classes
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_job_message.rb
line_number: 1
parent:
line_number: 1
content: Google::Cloud::Dataflow::V1beta3::JobMessage.new
content: |
Google::Cloud::Dataflow::$<_>::JobMessage.new
- detector_id: google_dataflow_value_classes
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_job_message.rb
line_number: 1
parent:
line_number: 1
content: Google::Cloud::Dataflow::V1beta3::JobMessage.new
content: |
Google::Cloud::Dataflow::$<_>::JobMessage.new
components: []



@@ -0,0 +1,73 @@
data_types:
- name: IP address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 2
field_name: ip_address
object_name: customer
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 5
field_name: ip_address
object_name: customer
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 6
field_name: ip_address
object_name: customer
subject_name: User
risks:
- detector_id: ruby_third_parties_google_dataflow
data_types:
- name: IP address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 2
parent:
line_number: 2
content: 'custom_metadata.value = "ip: #{customer.ip_address}"'
field_name: ip_address
object_name: customer
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 5
parent:
line_number: 5
content: 'template_metadata.description ="ip: #{customer.ip_address}"'
field_name: ip_address
object_name: customer
subject_name: User
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 6
parent:
line_number: 6
content: 'template_metadata.name ="ip: #{customer.ip_address}"'
field_name: ip_address
object_name: customer
subject_name: User
- detector_id: google_dataflow_template_metadata_init
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 4
parent:
line_number: 4
content: Google::Cloud::Dataflow::V1beta3::TemplateMetadata.new
content: |
Google::Cloud::Dataflow::$<_>::TemplateMetadata.new
- detector_id: google_dataflow_value_classes
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_metadata.rb
line_number: 1
parent:
line_number: 1
content: Google::Cloud::Dataflow::V1beta3::ParameterMetadata::CustomMetadataEntry.new
content: |
Google::Cloud::Dataflow::$<_>::ParameterMetadata::CustomMetadataEntry.new
components: []



@@ -0,0 +1,38 @@
data_types:
- name: IP address
detectors:
- name: ruby
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_params_entry.rb
line_number: 2
field_name: ip_address
object_name: customer
subject_name: User
risks:
- detector_id: ruby_third_parties_google_dataflow
data_types:
- name: IP address
stored: false
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_params_entry.rb
line_number: 2
parent:
line_number: 2
content: 'param.value = "ip: #{customer.ip_address}"'
field_name: ip_address
object_name: customer
subject_name: User
- detector_id: google_dataflow_value_classes
locations:
- filename: pkg/commands/process/settings/rules/ruby/third_parties/google_dataflow/testdata/datatype_in_params_entry.rb
line_number: 1
parent:
line_number: 1
content: Google::Cloud::Dataflow::V1beta3::CreateJobFromTemplateRequest::ParametersEntry.new
content: |
Google::Cloud::Dataflow::$<_>::CreateJobFromTemplateRequest::ParametersEntry.new
components: []


